From 93cefa2e058e30d964f6e45eb060108ee8266456 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Wed, 8 Mar 2023 22:15:38 +0000
Subject: [PATCH 1/3] Status reports: Warn if given commonName is not found in database
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index afdbb8871..0bfb9a6eb 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -4084,6 +4084,8 @@ read_db() {
 db_in="$EASYRSA_PKI/index.txt"
 pki_r_issued="$EASYRSA_PKI/renewed/issued"
 pki_r_by_sno="$EASYRSA_PKI/renewed/certs_by_serial"
+ unset -v target_found
+
 while read -r db_status db_notAfter db_record; do
 # Interpret the db/certificate record
@@ -4151,7 +4153,17 @@ read_db() {
 ;;
 *) die "Unrecognised report: $report"
 esac
+
+ # Is db record for target found
+ [ "$target" = "$db_cn" ] && target_found=1
+
 done < "$db_in"
+
+ # Check for target found/valid commonName, if given
+ if [ "$target" ]; then
+ [ "$target_found" ] || \
+ warn "Certificate for $target was not found"
+ fi
 } # => read_db()
 # Expire status
From d455e84b7e167e8760814c54e48d893e3f30c58b Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Wed, 8 Mar 2023 22:20:57 +0000
Subject: [PATCH 2/3] Status reports: Refactor conditionals that can cause untrapped errors
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 0bfb9a6eb..185a02494 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -4126,7 +4126,10 @@ read_db() {
 V|E)
 case "$target" in
 '') expire_status ;;
- *) [ "$target" = "$db_cn" ] && expire_status
+ *)
+ if [ "$target" = "$db_cn" ]; then
+ expire_status
+ fi
 esac
 ;;
 *)
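Review bot: The not-found branch added at the end of read_db only calls `warn`, so a status report for a commonName that has no record in index.txt presumably still finishes with a success status, and a caller that scripts around the report cannot tell that outcome apart from a certificate that was found. If a missing CN is meant to be an error for the caller, `die "Certificate for $target was not found"` would make it detectable; if a warning is the intended contract, a one-line comment saying the report deliberately succeeds in this case would stop the next reader from "fixing" it. Note also that `[ "$target" = "$db_cn" ]` is an exact string comparison, so a CN that differs only in case or surrounding whitespace is reported as not found. The start of read_db and the derivation of `$target` are outside the hunk.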
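Review bot: The `case "$target" in` with an empty-string arm and a default arm now spends six lines to express a single condition, and the same shape is repeated for revoke_status and renew_status in the hunks at -4138 and -4147. Since both arms end in a call to expire_status, the whole case could collapse to `if [ -z "$target" ] || [ "$target" = "$db_cn" ]; then expire_status; fi`, which keeps the untrapped-error fix (an `if` whose test is false still exits 0) and reads as one rule: report every record, or only the one whose CN matches. The same three-line form would serve the other two branches. read_db's body continues on both sides of this hunk.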
@@ -4138,7 +4141,10 @@ read_db() {
 if [ "$db_status" = R ]; then
 case "$target" in
 '') revoke_status ;;
- *) [ "$target" = "$db_cn" ] && revoke_status
+ *)
+ if [ "$target" = "$db_cn" ]; then
+ revoke_status
+ fi
 esac
 fi
 ;;
@@ -4147,7 +4153,10 @@ read_db() {
 if [ "$db_status" = V ]; then
 case "$target" in
 '') renew_status ;;
- *) [ "$target" = "$db_cn" ] && renew_status
+ *)
+ if [ "$target" = "$db_cn" ]; then
+ renew_status
+ fi
 esac
 fi
 ;;
@@ -4155,7 +4164,9 @@ read_db() {
 esac
 # Is db record for target found
- [ "$target" = "$db_cn" ] && target_found=1
+ if [ "$target" = "$db_cn" ]; then
+ target_found=1
+ fi
 done < "$db_in"
From 598b8f8617320a6efd80e615a054ca4118c8dff2 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Thu, 9 Mar 2023 20:36:27 +0000
Subject: [PATCH 3/3] Exit with error on untrapped error detected
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 185a02494..dc4ac0124 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5773,10 +5773,14 @@ esac
 # Check for untrapped errors
 # shellcheck disable=SC2181
-[ $? = 0 ] || warn "Untrapped error detected!"
+if [ $? = 0 ]; then
+ # Do 'cleanup ok' on successful completion
+ #print "mktemp_counter: $mktemp_counter uses"
+ cleanup ok
+fi
-# Do 'cleanup ok' on successful completion
-#print "mktemp_counter: $mktemp_counter uses"
-cleanup ok
+# Otherwise, exit with error
+warn "Untrapped error detected!"
+cleanup
 # vim: ft=sh nu ai sw=8 ts=8 noet
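Review bot: After this refactor the success path relies on `cleanup ok` never returning: if it does return, execution falls through the `fi` into `warn "Untrapped error detected!"` and the second `cleanup`, so a clean run would be reported as an error. cleanup is defined outside the hunk, so I cannot confirm it exits; making the two paths mutually exclusive with an `else` (replace the first `fi` with `else`, and close with `fi` after the final `cleanup`) removes the dependency on that behaviour. It would also help to state in the `# Otherwise, exit with error` comment what exit code the argument-less `cleanup` produces, since the commit title promises an error exit for this path and a reader cannot see that here. The `$?` tested by the `if` is the status of the `esac` above the hunk, which this patch does not change.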